GDPR Compliance

Last updated: April 06, 2018

WHAT IS GDPR?

In a bid to protect every EU citizen's fundamental right to privacy, the European Union will be implementing the General Data Protection Regulation (GDPR) from May 25, 2018. Essentially, the European Union has taken a giant leap towards giving residents more control over their personal data and how, why, and where it is used, processed, or disposed of.

Once in place, the new rule will clarify how the EU's personal data laws are to be applied outside the borders of the EU as well. Essentially, all organizations working with an EU resident’s personal data are obligated to protect that data, irrespective of location.

Goodman Lantern is well-versed in the processes governing data security. As a result, we are committed to providing the right tools and processes to support both users and customers in meeting their GDPR mandates.

OUR RESPONSIBILITIES

Not only will the regulation affect financial institutions, but it will also have an effect on sales departments, HR departments, and insurance companies. Additionally, the regulations will extend to all companies, startups, and freelancers with any ties to European residents. The far-reaching nature of these new regulations will mean that they are enforceable against any entity that processes the data of a European resident, irrespective of their physical location.

Goodman Lantern and its products follow the laws laid down within the GDPR. We do not store the data of any of the leads provided on our servers, nor do we contact them without their express permission. All leads are processed in real time from our partner networks.

OUR RECOMMENDATIONS

Following the current regulations, the tool is best used for contacting non-EU leads throughout the globe. The tool should not be used for the express purpose of targeting EU residents. It is in the user's best interests to keep lists targeted, applying specific (law-abiding) tactics for people inside the EU.

OBTAIN CONSENT PURSUANT TO THE GDPR THROUGH A CONSENT FORM OR A REPLY

In order to remain on the correct side of the new GDPR laws whilst continuing to use emails for lead generation, it may be necessary to create a comprehensive "consent form". This form should be sent to potential customers before following through with any commercial or marketing materials.

The consent form should contain the following information:

- Your company’s identity
- The purposes for which the data will be used by your company
- Any further information that is necessary for the lead to foster an understanding of the data processing to which they are requested to consent (e.g., third parties with whom the data may be shared)
- The individual's right of access to, and the right to rectify, personal data
- The individual's right to object to processing and the right to be forgotten
- The individual's right to withdraw consent at any time
- Confirmation that you will not store a lead’s email addresses in a CRM or similar software before obtaining express consent from them

KEEP YOUR DATA SAFE AND SECURE

Take adequate steps to set up a system where you safely and securely collect all completed consent forms. Legally, it is necessary to have secure backup and archived copies of these forms.

KEEP DATA ACCESSIBLE AT ALL TIMES

To ensure compliance with the "right to be forgotten" principle, it is necessary to build a system that enables you to easily and permanently delete emails and data collected on subjects.

CONCLUSION

Any cold emailing that targets European residents necessitates, first and foremost, a thorough understanding of GDPR regulations. Once in-depth knowledge of these laws has been gained, it is possible to take the necessary steps required for compliance.